Thanks for the response, Paul. While I will definitely be using some of your code to further improve mine, my main issue was that notEmpty was not working for the password field because Auth automagically hashes it. I have no problem with comparing the two hashed passwords.
I will try with your validatePasswordLength function and see how it works.

On Sun, Oct 25, 2009 at 3:31 AM, WebbedIT <p...@webbedit.co.uk> wrote:
>
> Here is my implementation:
>
> var $validate = array(
>     'user_group_id' => array('rule' => 'notEmpty'),
>     'username' => array(
>         'notEmpty',
>         'minLength' => array(
>             'rule' => array('minLength', '8'),
>             'message' => 'Must be at least 8 characters long'
>         ),
>         'isUnique' => array(
>             'rule' => 'isUnique',
>             'message' => 'Sorry, this username has been taken, please try another'
>         )
>     ),
>     'password' => array(
>         'minLengthCreate' => array(
>             'rule' => array('__validatePasswordLength', false),
>             'message' => 'Must be at least 8 characters long',
>             'on' => 'create',
>             'last' => true
>         ),
>         'minLengthUpdate' => array(
>             'rule' => array('__validatePasswordLength', true),
>             'message' => 'Must be at least 8 characters long',
>             'on' => 'update'
>         )
>     ),
>     'password_confirm' => array(
>         'notEmpty' => array(
>             'rule' => array('notEmpty'),
>             'message' => 'This field cannot be left blank',
>             'on' => 'create',
>             'last' => true
>         ),
>         'confirmCreate' => array(
>             'rule' => array('__validateConfirmPassword', false),
>             'message' => 'Password confirmation does not match',
>             'on' => 'create'
>         ),
>         'confirmUpdate' => array(
>             'rule' => array('__validateConfirmPassword', true),
>             'message' => 'Password confirmation does not match',
>             'on' => 'update'
>         )
>     )
> );
>
> function __validateConfirmPassword($field, $reset = false) {
>     $valid = false;
>     if (($reset && $this->data['User']['password'] == Security::hash(Configure::read('Security.salt')) && !$this->data['User']['password_confirm']) || $this->data['User']['password'] == Security::hash(Configure::read('Security.salt') . $field['password_confirm'])) {
>         $valid = true;
>     }
>     return $valid;
> }
>
> function __validatePasswordLength($field, $reset = false) {
>     $valid = false;
>     if (($reset && $field['password'] == Security::hash(Configure::read('Security.salt')) && !$this->data['User']['password_confirm']) || strlen($this->data['User']['password_confirm']) >= 8) {
>         $valid = true;
>     }
>     return $valid;
> }
>
> function beforeSave() {
>     if (isset($this->data['User']['password']) && $this->data['User']['password'] == Security::hash(Configure::read('Security.salt'))) {
>         // password blank so reset to existing password
>         $this->data['User']['password'] = $this->field('password', array('id' => $this->id));
>     }
>     return true;
> }
>
> There is some extra code in there that allows you to have a New
> Password and Confirm Password fields in your user's edit form rather
> than having reset password as a separate form elsewhere which checks
> to see if the password is being edited and applies slightly different
> logic, i.e. allows a blank value without resetting the password.
>
> The idea is to check that the password value hashed does not match
> your salt value hashed alone, i.e. the field was not blank. Lastly my
> beforeSave() will pull the existing password out of the table if you
> are editing and left the password field blank .. stops the password
> getting overwritten by an empty hashed value.
>
> Hope this helps.
>

--
David C. Roda
717-917-2169
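
The blank-password problem and the salt-hash comparison discussed in this thread, as an added example that is not either poster's code: plain PHP without CakePHP, assuming the auth layer stores `sha1(salt . password)` and hashes the field before validation runs. The salt, function names and sample submissions are constructed for illustration.

```php
<?php
// Added example. Assumption: stored hash = sha1(SALT . password), applied
// to the password field before the model's validation rules see it.
const SALT = 'constructed-example-salt'; // constructed, stands in for Security.salt

function hashPassword(string $plain): string {
    return sha1(SALT . $plain);
}

// What a notEmpty-style rule sees: a 40-character hash, never an empty string.
function notEmpty(string $value): bool {
    return $value !== '';
}

// Blank detection as described in the thread: the hashed field equals the
// hash of the salt alone. hash_equals() compares in constant time.
function isBlankHashed(string $hashed): bool {
    return hash_equals(hashPassword(''), $hashed);
}

// $data['password'] arrives hashed; $data['password_confirm'] is still plain
// text, so the length rule has to run on the confirm field.
// On update, both fields blank means "keep the existing password".
function validatePassword(array $data, bool $isUpdate): array {
    $blank = isBlankHashed($data['password']);
    if ($isUpdate && $blank && $data['password_confirm'] === '') {
        return array(); // valid, but the caller must not save the blank hash
    }
    $errors = array();
    if ($blank) {
        $errors[] = 'Password cannot be left blank';
    }
    if (strlen($data['password_confirm']) < 8) {
        $errors[] = 'Must be at least 8 characters long';
    }
    if (!hash_equals($data['password'], hashPassword($data['password_confirm']))) {
        $errors[] = 'Password confirmation does not match';
    }
    return $errors;
}

// Constructed submissions: blank, valid, and mismatched.
$blank    = array('password' => hashPassword(''), 'password_confirm' => '');
$good     = array('password' => hashPassword('correct-horse'), 'password_confirm' => 'correct-horse');
$mismatch = array('password' => hashPassword('correct-horse'), 'password_confirm' => 'correct-h0rse');

var_dump(notEmpty($blank['password']));    // the naive rule on a blank password
var_dump(validatePassword($blank, false)); // create with a blank password
var_dump(validatePassword($blank, true));  // update, password left untouched
var_dump(validatePassword($good, false));
var_dump(validatePassword($mismatch, false));
```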